CVE-2022-0544: Integer Underflow (Wrap or Wraparound) in Blender

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.2% (top 64.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 24, latest update Feb 25

Description

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

debian: debian/blender: < blender 3.1.2+dfsg-1 (bookworm)
NVD: blender/blender: 2.90.0 2.93.8 +2
Debian: blender/blender: < 2.83.5+dfsg-5+deb11u1 +2
CVEListV5: blender/blender: Blender versions prior to 2.83.19, 2.93.8 and 3.1

Also affects: Debian Linux 10.0, 9.0

🔴 Vulnerability Details (2)

GHSA (2022-02-25): GHSA-vcg5-3355-6jf2: An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted
OSV (2022-02-24): CVE-2022-0544: An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted

📋 Vendor Advisories (1)

Debian (2022): CVE-2022-0544: blender - An integer underflow in the DDS loader of Blender leads to an out-of-bounds read...
CVE-2022-0544 — Integer Underflow (Wrap or Wraparound) | cvebase